package com.woniu.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import com.woniu.pojo.User;
import com.woniu.utils.EmailRealm;
import com.woniu.utils.FaceRealm;
import com.woniu.utils.UaccountRealm;
import com.woniu.utils.UphoneRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.LocaleResolver;

import java.util.*;

@Configuration
public class ShiroConfig {
    //配置一个SecurityManager 安全管理器
    @Bean
    public SecurityManager securityManager(){
        DefaultWebSecurityManager defaultWebSecurityManager=new DefaultWebSecurityManager();
        //配置自定义认证器
        defaultWebSecurityManager.setAuthenticator(myModularRealmAuthenticator());
        Collection<Realm> realms=new ArrayList<>();
        realms.add(uaccountRealm());
        realms.add(uphoneRealm());
        realms.add(emailRealm());
        realms.add(faceRealm());
        //defaultWebSecurityManager.setRealm(uaccountRealm());
        defaultWebSecurityManager.setRealms(realms);
        return defaultWebSecurityManager;
    }
    //配置一个自定义的Realm的bean，最终将使用这个bean返回的对象来完成我们的认证和授权
    @Bean
    public UaccountRealm uaccountRealm(){
        UaccountRealm myRealm=new UaccountRealm();
        return myRealm;
    }
    @Bean
    public UphoneRealm uphoneRealm(){
        UphoneRealm uphoneRealm=new UphoneRealm();
        return uphoneRealm;
    }
    @Bean
    public EmailRealm emailRealm(){
        EmailRealm emailRealm=new EmailRealm();
        return emailRealm;
    }
    @Bean
    public FaceRealm faceRealm(){
        return  new FaceRealm();
    }
    //配置一个Shiro的过滤器bean，这个bean将配置Shiro相关的一个规则的拦截
    //列入什么样的请求可以访问什么样的请求不可以访问等等
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager){
        //创建过滤器
        ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/login");//配置用户登录请求，如果需要进行登陆时Shiro就会转到这个请求进入登录界面
        shiroFilterFactoryBean.setSuccessUrl("/main");//配置登录成功后转向的地址
        shiroFilterFactoryBean.setUnauthorizedUrl("/login");//无权限转向的地址
        /**
         * 配置权限拦截规则
         */
        Map<String, String> filterChainMap=new LinkedHashMap<>();
        filterChainMap.put("/login","anon");//配置登录请求不需要认证，anon表示某个请求不需要认证
        filterChainMap.put("/logOut","anon");//配置登出的请求，等处后会清空当前用户的内存

        filterChainMap.put("/loginDoo","anon");
        filterChainMap.put("/loginDo","anon");
        filterChainMap.put("/jumpGetface","anon");
        filterChainMap.put("/sendMassage","anon");
        filterChainMap.put("/searchface","anon");
        filterChainMap.put("/sendEmailMassage","anon");
        filterChainMap.put("/forgetPwd","anon");
        filterChainMap.put("/bootstrap/**","anon");
        filterChainMap.put("/css/**","anon");
        filterChainMap.put("/fonts/**","anon");
        filterChainMap.put("/img/**","anon");
        filterChainMap.put("/jquery/**","anon");
        filterChainMap.put("/laydate/**","anon");
        filterChainMap.put("/layer/**","anon");
        filterChainMap.put("/script/**","anon");
        filterChainMap.put("/Stuimg/**","anon");
        filterChainMap.put("/ztree/**","anon");
        filterChainMap.put("/asserts/**","anon");
        /*
        用注解拦截需要先把下面的配置注释掉
         */
        //配置一个admin开头的所有请求需要登录，authc表示需要登录认证
        //roles[admin] 表示所有以admin开头的请求需要有admin的角色才可以使用
//          filterChainMap.put("/findOne","authc,roles[manager]");
//        filterChainMap.put("/admin/**","authc,roles[admin]");
//        filterChainMap.put("/user/**","authc");//配置一个user开头的所有请求需要登录，authc表示需要登录认证
//        filterChainMap.put("/**","authc");//配置剩余的所有请求都需要登录认证（必须写道最后

        //一级菜单
        filterChainMap.put("/main","authc,perms[mains]");            //首页
        filterChainMap.put("/main","authc,perms[studentmanger]");    //学员管理
        filterChainMap.put("/main","authc,perms[teachermanager]");    //教学管理
        filterChainMap.put("/main","authc,perms[calzzmanager]");     //班务管理
        filterChainMap.put("/main","authc,perms[jobmanager]");       //就业管理
        filterChainMap.put("/main","authc,perms[systemmanager]");     //系统管理
        filterChainMap.put("/main","authc,perms[formmanager]");      //报表中心

        // 首页页面所有成员都可访问      （增加活动的按钮通过页面条件判断实现显示）
          filterChainMap.put("/main","authc,perms[main]");    //首页
////         //学员管理页面所有成员都可访问
          filterChainMap.put("/student/list","authc,perms[student:list]");      //学员信息
          filterChainMap.put("/student/weekscore","authc,perms[student:weekscore]");  //周考成绩
          filterChainMap.put("/student/processscore","authc,perms[student:processscore]");  //阶段考评
          filterChainMap.put("/student/synthesize","authc,perms[student:synthesize]");    //综合成绩
//          //教学管理（除了加班批准其余所有人都可以看）
          filterChainMap.put("/EduManage/lessonList","authc,perms[EduManage:lessonList]");  //课程安排
          filterChainMap.put("/EduManage/dutylist","authc,perms[EduManage:dutylist]");     //老师值班
          filterChainMap.put("/EduManage/workapply","authc,perms[EduManage:workapply]");    //加班申请
            filterChainMap.put("/EduManage/workaudit","authc,perms[EduManage:workaudit]");  //加班批准(教学主管)
          filterChainMap.put("/EduManage/worklist","authc,perms[EduManage:worklist]");    //加班汇总
//
//        //班务管理
           filterChainMap.put("/clazz/mclazzList","authc,perms[clazz:mclazzList]"); //所有班级 （教学主管）
           filterChainMap.put("/clazz/tclazzList","authc,perms[clazz:tclazzList]");     //我的班级（老师）
           filterChainMap.put("/clazz/htclazzList","authc,perms[clazz:htclazzList]");    //我的班级head（班主任）
//
//        //就业管理
        filterChainMap.put("/interview/allStudentInterviewList","authc,perms[interview:allStudentInterviewList]"); //技术面试
//
//        //系统管理
        filterChainMap.put("/role/role","authc,perms[role:role]"); //用户权限  （教学主管）
//
//        //报表中心
        filterChainMap.put("/permission/salplabiao","authc,perms[permission:salplabiao]"); //就业统计
        filterChainMap.put("/permission/rate","authc,perms[permission:rate]"); //比例统计  （教学主管）
//
//        //其余的默认登陆认证
        filterChainMap.put("/**","authc");  //配置剩余的所有请求都需要登录认证

        //设置权限拦截规则
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainMap);
        return shiroFilterFactoryBean;
    }
    /*
    开启Shiro注解支持(例如@RequiresRoles()和@RequiresPermissions())
    Shiro的注解需要借助Spring的AOP来实现
     */
//    @Bean
//    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){
//        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator=new DefaultAdvisorAutoProxyCreator();
//        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
//        return defaultAdvisorAutoProxyCreator;
//    }
    /*
    开启AOP的支持
     */
//    @Bean
//    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager){
//        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor=new AuthorizationAttributeSourceAdvisor();
//        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
//        return authorizationAttributeSourceAdvisor;
//    }
    //开启页面Shiro验证支持
    @Bean
    public ShiroDialect shiroDialect(){
        return new ShiroDialect();
    }

    @Bean
    public MyModularRealmAuthenticator myModularRealmAuthenticator(){
        MyModularRealmAuthenticator myModularRealmAuthenticator=new MyModularRealmAuthenticator();
        return myModularRealmAuthenticator;
    }
    //页面语言配置
    @Bean
    public LocaleResolver localeResolver(){
        return new MyLocaleResolver();
    }
}
